Lawyers e-Journal

Law Practice Management Tip

Make e-mail more secure with two-factor authentication

E-mail. It is both boon and bane. I cannot resolve all of your
e-mail conundrums with one tip, but I can reduce your chance of
being hacked.

Gmail subscribers can activate "two-factor authentication" (TFA)
to improve the security of their e-mail account. TFA simply means
requiring two things to accomplish a task. For example, an
Automatic Teller Machine (ATM) requires you to present your ATM card
(factor one) and input your PIN (factor two) before dispensing
currency. The original TFA may have been the Biblical backstory
of the word Shibboleth in which a tribe known as the Gileadites
asked suspected enemies two questions to confirm their identities
and loyalties. Those failing to answer both questions correctly
were put to death.

Fortunately, Gmail's TFA is not so harsh. Once you activate TFA,
Gmail requires two things to access your e-mail: (1) your password,
and (2) a single-use verification code Google generates. Google
offers three methods to receive this verification code: a
standalone smartphone app that does not require a cell signal, a
text message or a voice call. If you so choose, a log-in using TFA
will remain effective for 30 days. This system is more secure than
a password alone because a potential hacker needs both your
password and the verification code (which is only available on your
smartphone or other designated phone) to access your account.

A step-by-step video on implementing TFA in Gmail can be found
at Matt Cutts' blog in an August 6, 2012 post entitled "Please
turn on two-factor authentication." Matt, the leader of Google's
Webspam Team, also debunks some common misconceptions about TFA
and provides links with more information on relevant topics. The
website Lifehacker.com offers a written step-by-step guide to
activating TFA for Gmail. Additionally, Yahoo and Facebook both
offer TFA; see here and here, respectively. Yet, as of this
writing, other common e-mail or communication services have not
implemented TFA as thoroughly as Google.

You also should do your part by exercising password diligence.
Use difficult-to-guess passwords and do not reuse passwords for
multiple services. I appreciate that remembering multiple unique
passwords is vexing. To manage numerous passwords you may wish to
learn more about password management services. Both Stephanie
Kimbro and I discussed password management solutions in this
Lawyer's Weekly article. North Carolina practice management
advisor Erik Mazzone's review of the password management program
LastPass is also an excellent resource. Links to Erik's review and
the websites of several password management program providers are
available in a prior LPM tip. A direct link to that tip is at this
LOMAP blog post.